Organizations must control where private information spreads and to whom it is accessible; this problem is referred to in the security industry as data loss/leak prevention (DLP). Commercial solutions for DLP are based on scanning content, where the content of traffic flowing outside an organization is compared with patterns of sensitive data (e.g., nine-digit social security numbers) to identify potentially private information. These solutions impose high overhead and are easily evaded, such as by simply encrypting data so that private information is unrecognizable.
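As an added illustration (not code from the original work), the sketch below implements the kind of pattern-based content scan described above and runs it over the same outbound payload in plaintext and in encrypted form. The function names, the sample traffic and the SHA-256 keystream used as a stand-in for real encryption are all assumptions made for this example.

```python
import hashlib
import re

# Nine digits, optionally split 3-2-4 by one consistent separator,
# and not embedded in a longer run of digits.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject number ranges that are never issued, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def scan_payload(payload: bytes) -> list:
    """Return the SSN-like strings a content scanner would flag in outbound bytes."""
    text = payload.decode("latin-1")  # byte-preserving decode, never raises
    return [m.group(0) for m in SSN_RE.finditer(text)
            if plausible_ssn(m.group(1), m.group(3), m.group(4))]

def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in for encryption (hypothetical helper): XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Constructed sample traffic; the identifiers in it are made-up values.
PLAINTEXT = (b"POST /upload\r\n\r\n"
             b"name=Jane Roe&ssn=123-45-6789&alt=078051120&order=1234567890")
ENCRYPTED = keystream_xor(PLAINTEXT, b"constructed-key")

if __name__ == "__main__":
    # The scanner flags both SSN-shaped fields but not the ten-digit order id.
    print("plaintext hits:", scan_payload(PLAINTEXT))
    # The same bytes after encryption contain nothing the pattern can match.
    print("encrypted hits:", scan_payload(ENCRYPTED))
```

The scanner has to inspect every outbound byte to produce the first result, and it has no signal at all for the second, which is the limitation the paragraph above describes.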
Research solutions to the DLP problem require rewriting applications or running custom operating systems, which makes them difficult to deploy in most enterprise environments. These solutions also typically attempt to prevent data loss from a single host rather than across a network, making it challenging to implement a data loss prevention policy for a network of devices.